kakster (Beginner)
03 March 2008 - 22:10 There are 20 comments and 1 solution

Spyware - hijack this log

Hi

I have read that HijackThis is really good at finding all kinds of spyware. I know that I have at least one: the toolbar ekvgsnw.

But here is the log; I hope someone can help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:17, on 03-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\programmer\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rune\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.dk/?ad=10007_1073900003
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.adesk.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187945380421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O21 - SSODL: alofkmn - {4E144715-EE6F-4ADE-B118-3E6F7CDB8B48} - C:\WINDOWS\alofkmn.dll
O21 - SSODL: SrvService - {bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56} - C:\WINDOWS\Installer\{bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56}\SrvService.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

--
End of file - 8088 bytes
03 March 2008 - 22:22 #1
I'll take a look at it...
kakster (Beginner)
03 March 2008 - 22:25 #2
Fantastic :P
kakster (Beginner)
03 March 2008 - 22:26 #3
I tried searching on Google myself and removing a DLL file, but apparently that doesn't remove it completely.
03 March 2008 - 22:37 #4
Run a scan with HijackThis.
Below you will find some files that you need to fix. What you need to do is tick the box next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you can fix. Click Fix checked.

These are the ones that need to be fixed:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.dk/?ad=10007_1073900003

O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmer\Fælles filer\Adobe\Updater5\AdobeUpdater.exe
O21 - SSODL: alofkmn - {4E144715-EE6F-4ADE-B118-3E6F7CDB8B48} - C:\WINDOWS\alofkmn.dll
O21 - SSODL: SrvService - {bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56} - C:\WINDOWS\Installer\{bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56}\SrvService.dll (file missing)

Restart normally, run a new scan with HijackThis, and copy a fresh log in here to be checked.

------------------------------------------------------------------------
kakster (Beginner)
03 March 2008 - 22:51 #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:19, on 03-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\programmer\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rune\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.adesk.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187945380421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O21 - SSODL: alofkmn - {641F99A8-B510-4B75-8836-C0F872A323F0} - C:\WINDOWS\alofkmn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

--
End of file - 7132 bytes
04 March 2008 - 07:36 #6
There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
kakster (Beginner)
04 March 2008 - 08:25 #7
Many thanks for the help. :)
magictouch (Beginner)
04 March 2008 - 15:50 #8
It is a rather risky claim, I think, that it is clean:
03/03-2008 22:51:57
O21 - SSODL: alofkmn - {641F99A8-B510-4B75-8836-C0F872A323F0} - C:\WINDOWS\alofkmn.dll
fromsej (Trainee)
04 March 2008 - 16:09 #9
Added by a variant of the MyGeek/CPVFeed adware.
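The check behind the objection in #8, as an added example that is not part of the thread: compare the entries that were fixed against the follow-up HijackThis log by section and file path rather than by whole line, so an entry that re-registers under a new CLSID (as `alofkmn.dll` did here) is still reported. The log lines are excerpted from the two logs above; the function names are this example's own.

```python
import re

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "O21 - <body>", "R0 - <body>", ...
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<label> - {CLSID} - <file>", the layout of O2 (BHO) and O21 (SSODL) entries
CLSID_ENTRY_RE = re.compile(
    r"^(?P<label>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.+)$")

# Excerpt of the entries the helper asked to fix (post #4).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O21 - SSODL: alofkmn - {4E144715-EE6F-4ADE-B118-3E6F7CDB8B48} - C:\WINDOWS\alofkmn.dll
O21 - SSODL: SrvService - {bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56} - C:\WINDOWS\Installer\{bc0d6d9a-d280-4dbf-a2a6-d937a4b2bf56}\SrvService.dll (file missing)
"""

# Excerpt of the follow-up log taken after the fix and a reboot (post #5).
FOLLOWUP_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.dk
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O21 - SSODL: alofkmn - {641F99A8-B510-4B75-8836-C0F872A323F0} - C:\WINDOWS\alofkmn.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_entries(text):
    """Return one dict per HijackThis entry line (R0, O2, O4, O21, ...)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.group("section"), m.group("body")
        clsid, target = None, body
        c = CLSID_ENTRY_RE.match(body)
        if c:
            clsid = c.group("clsid").upper()
            target = c.group("target")
        # HijackThis appends this marker when the file is gone from disk.
        target = target.replace("(file missing)", "").strip().lower()
        if target == "(no file)":
            target = clsid  # nothing but the CLSID identifies the entry
        entries.append({"section": section, "clsid": clsid,
                        "target": target, "line": line})
    return entries


def surviving(fix_list, followup_log):
    """Fixed entries whose section and file still appear in the follow-up log."""
    after = {}
    for e in parse_entries(followup_log):
        after.setdefault((e["section"], e["target"]), e)
    hits, seen = [], set()
    for e in parse_entries(fix_list):
        key = (e["section"], e["target"])
        if key in seen or key not in after:
            continue
        seen.add(key)
        new = after[key]
        hits.append({
            "section": e["section"],
            "target": e["target"],
            "old_clsid": e["clsid"],
            "new_clsid": new["clsid"],
            # A new CLSID on the same file means something re-registered it.
            "status": "unchanged" if new["clsid"] == e["clsid"] else "CLSID changed",
        })
    return hits


if __name__ == "__main__":
    for hit in surviving(FIX_LIST, FOLLOWUP_LOG):
        print(hit["section"], hit["target"], hit["status"],
              hit["old_clsid"], "->", hit["new_clsid"])
```

A line-for-line comparison of the two logs would treat the O21 entry as removed, because the CLSID in the line differs; keying on the file path is what exposes it.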
04 March 2008 - 16:35 #10
(I must have been too sleepy in the morning there!!!)
kakster (Beginner)
04 March 2008 - 17:51 #11
Okay, many thanks for that :D
fromsej (Trainee)
04 March 2008 - 18:06 #12
-- Download this file:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file and let it extract itself to a folder in the root of your hard drive (typically: c:\SDfix)

Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Restart in Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

-- Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

Then open the SDFix folder, find the file Report.txt, and copy the contents of this file in here, together with a new log from HijackThis.
That is, three logs in total.
kakster (Beginner)
04 March 2008 - 18:19 #13
Okay, I'll do that a bit later, since it is for a buddy that I have been doing this. I'll probably post something around 20:00.
kakster (Beginner)
04 March 2008 - 21:44 #14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:56, on 04-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\programmer\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rune\Skrivebord\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.adesk.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187945380421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

--
End of file - 6890 bytes

---------------------COMBO FIX--------------------------------------------------------
ComboFix 08-03-04.3 - Rune 2008-03-04 21:33:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.1359 [GMT 1:00]
Running from: C:\Documents and Settings\Rune\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://58.65.234.25
.
(((((((((((((((((((((((((  Files Created from 2008-02-04 to 2008-03-04  )))))))))))))))))))))))))))))))
.

2008-03-04 21:17 . 2008-03-04 21:17    <DIR>    d--------    C:\WINDOWS\ERUNT
2008-03-04 21:13 . 2008-03-04 21:30    <DIR>    d--------    C:\SDFix
2008-03-04 21:13 . 2004-08-27 13:00    391,168    --a------    C:\CF21302.exe
2008-03-03 22:44 . 2008-03-03 22:44    268    --ah-----    C:\sqmdata03.sqm
2008-03-03 22:44 . 2008-03-03 22:44    244    --ah-----    C:\sqmnoopt03.sqm
2008-03-03 21:22 . 2008-03-03 21:22    85    --a------    C:\WINDOWS\wininit.ini
2008-03-03 21:03 . 2008-03-03 21:04    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-03-03 21:03 . 2008-03-03 21:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 20:37 . 2008-03-03 20:37    <DIR>    dr-------    C:\Documents and Settings\LocalService\Foretrukne
2008-03-03 20:29 . 2008-03-03 20:40    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 20:21 . 2008-03-02 20:21    <DIR>    d--------    C:\Programmer\Lavasoft
2008-03-02 20:21 . 2008-03-02 20:21    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-02 18:02 . 2008-03-02 18:02    268    --ah-----    C:\sqmdata02.sqm
2008-03-02 18:02 . 2008-03-02 18:02    244    --ah-----    C:\sqmnoopt02.sqm
2008-02-29 15:47 . 2008-02-29 15:47    268    --ah-----    C:\sqmdata01.sqm
2008-02-29 15:47 . 2008-02-29 15:47    244    --ah-----    C:\sqmnoopt01.sqm
2008-02-27 20:28 . 2008-02-27 20:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-18 17:30 . 2008-02-18 17:30    <DIR>    d--------    C:\Programmer\Teamspeak2_RC2
2008-02-18 17:30 . 2008-02-18 17:30    <DIR>    d--------    C:\Documents and Settings\Rune\Application Data\teamspeak2
2008-02-18 17:30 . 2008-02-18 17:30    34,064    --a------    C:\WINDOWS\system32\lhacm.acm
2008-02-11 18:53 . 2008-02-27 20:00    <DIR>    d--------    C:\Programmer\MediaAccumulativeCodec
2008-02-08 14:33 . 2008-02-27 20:00    <DIR>    d--------    C:\Programmer\MediaEntertainmentCodec
2008-02-08 14:26 . 2008-02-08 14:26    <DIR>    d--------    C:\Programmer\XP Codec Pack
2008-02-08 14:26 . 2007-08-18 08:54    380,928    --a------    C:\WINDOWS\system32\ac3filter.acm

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 20:31    ---------    d-----w    C:\Programmer\Steam
2008-03-04 20:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\BullGuard
2008-03-02 17:30    ---------    d-----w    C:\Programmer\Nokia
2008-02-28 05:55    ---------    d-----w    C:\Programmer\Fælles filer\Teleca Shared
2008-02-27 19:00    ---------    d-----w    C:\Programmer\MediaAccumulativeCodec
2008-02-18 14:01    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\Skype
2008-01-29 21:13    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\Nero
2008-01-29 21:11    ---------    d-----w    C:\Programmer\Fælles filer\Nero
2008-01-29 21:09    ---------    d-----w    C:\Programmer\Nero
2008-01-29 21:09    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-01-29 21:02    ---------    d-----w    C:\Programmer\MagicISO
2008-01-29 20:57    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\uTorrent
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:54    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:13    3,592,192    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\dllcache\oleaut32.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 20:34 308552]
"Steam"="c:\programmer\steam\steam.exe" [2007-12-01 11:19 1266936]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 13:49 16126464 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 20:34 308552]
"NSLauncher"="C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe"=
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

R1 VFILT;BullGuard Firewall Kernel Driver;C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys [2007-02-05 13:14]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2007-10-21 20:34]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2004-08-27 13:00]
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2004-08-27 13:00]
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll [2007-02-05 13:14]
R3 Reconn;BullGuard Email Monitor;C:\Programmer\BullGuard Software\BullGuard\reconn.sys [2007-02-05 13:17]
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll []
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll []
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll []
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    REG_MULTI_SZ      BgMainSvc BsFileScan BsMailProxy
BullGuardFw    REG_MULTI_SZ      BsFwall

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 21:34:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background??r

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 21:34:27
ComboFix-quarantined-files.txt  2008-03-04 20:34:24
.
2008-02-14 02:03:24    --- E O F --- 
-----------------------------------SD FIX---------------------------------------------


SDFix: Version 1.152

Run by Rune on 04-03-2008 at 21:20

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\alofkmn.dll  - Deleted
C:\WINDOWS\fkxvkns.exe  - Deleted
C:\WINDOWS\rs.txt  - Deleted





Removing Temp Files

ADS Check :



                                Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 21:27:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X001[1].jpg 4646 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X001[2].jpg 4738 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X002[1].jpg 4428 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\x002[2].jpg 4174 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X002[3].jpg 4637 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 15


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\uTorrent\\uTorrent.exe"="C:\\Programmer\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe"="C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe"="C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programmer\\Skype\\Phone\\Skype.exe"="C:\\Programmer\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008    1,404,240 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008    5,146,448 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008    2,097,488 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe"
Fri 24 Aug 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 27 Jan 2008            0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"
Sun 27 Jan 2008            0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"
Tue  4 Mar 2008            48 A..H. --- "C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp"

Finished!
fromsej (Trainee)
5 March 2008 - 16:38 #15
Open Windows Explorer, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".
Find this file and upload it to Jotti or VirusTotal:
C:\CF21302.exe
http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

Report the result.
kakster (Beginner)
6 March 2008 - 19:25 #16
File CF21302.exe received on 03.06.2008 19:15:18 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.06 -
AntiVir 7.6.0.73 2008.03.06 -
Authentium 4.93.8 2008.03.06 -
Avast 4.7.1098.0 2008.03.06 -
AVG 7.5.0.516 2008.03.06 -
BitDefender 7.2 2008.03.06 -
CAT-QuickHeal 9.50 2008.03.06 -
ClamAV 0.92.1 2008.03.06 -
DrWeb 4.44.0.09170 2008.03.06 -
eSafe 7.0.15.0 2008.03.06 -
eTrust-Vet 31.3.5591 2008.03.06 -
Ewido 4.0 2008.03.06 -
FileAdvisor 1 2008.03.06 -
Fortinet 3.14.0.0 2008.03.06 -
F-Prot 4.4.2.54 2008.03.05 -
F-Secure 6.70.13260.0 2008.03.06 -
Ikarus T3.1.1.20 2008.03.06 -
Kaspersky 7.0.0.125 2008.03.06 -
McAfee 5245 2008.03.05 -
Microsoft 1.3301 2008.03.06 -
NOD32v2 2927 2008.03.06 -
Norman 5.80.02 2008.03.06 -
Panda 9.0.0.4 2008.03.06 -
Prevx1 V2 2008.03.06 -
Rising 20.34.32.00 2008.03.06 -
Sophos 4.27.0 2008.03.06 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.06 -
TheHacker 6.2.92.233 2008.03.04 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.06 -
Webwasher-Gateway 6.6.2 2008.03.06 -
Additional information
File size: 391168 bytes
MD5: 6909786b561b8d54a2bbfa0cb9d6cd64
SHA1: 9b1d5e3ba3dcd4a206ed620dfbbb87142cd20162
PEiD: -
fromsej (Trainee)
6 March 2008 - 20:48 #17
Then there shouldn't be anything more. How is the machine running now?
kakster (Beginner)
6 March 2008 - 21:22 #18
It's running fine. Many thanks for the help. If you'd like some points, just say so and I'll create a thread so you can get some points too.
fromsej (Trainee)
6 March 2008 - 22:16 #19
No, never mind that. :-)
I'm not exactly short of points.
kakster (Beginner)
7 March 2008 - 09:08 #20
Okay... but many thanks for the help ;)
fromsej (Trainee)
7 March 2008 - 16:53 #21
You're welcome. :-)